-
1. Re: Fine grained authorization within the content of portlet in a portlet application
rutlucas Oct 2, 2013 7:11 AM (in response to deepak.sambrani)
By default, GateIn Portal allows you to define security by portlet.
Inside a portlet you need to invoke the Organization API to check which user / role / membership you have and add your authorization logic inside your logic.
For example:
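    import java.util.Collection;
    import org.exoplatform.container.PortalContainer;
    import org.exoplatform.services.organization.Group;
    import org.exoplatform.services.organization.Membership;
    import org.exoplatform.services.organization.OrganizationService;

    // "user" is the name of the authenticated user, "log" a java.util.logging.Logger
    OrganizationService os = (OrganizationService) PortalContainer
        .getInstance()
        .getComponentInstanceOfType(OrganizationService.class);
    try {
        Collection groups = os.getGroupHandler().findGroupsOfUser(user);
        for (Object o : groups) {
            Group g = (Group) o;
            if (g.getId().equals("mygroup")) {
                try {
                    Membership m = os.getMembershipHandler()
                        .findMembershipByUserGroupAndType(user, g.getId(), "mymembership");
                    if (m != null) { // null means the user lacks this membership type
                        // Do something
                    }
                } catch (Exception e) {
                    log.warning("Error querying user");
                    e.printStackTrace();
                }
            }
        }
    } catch (Exception e) {
        // Closes the outer try; a failed lookup must not grant access
        log.warning("Error querying groups");
        e.printStackTrace();
    }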
Hope this helps.
-
2. Re: Fine grained authorization within the content of portlet in a portlet application
deepak.sambrani Oct 3, 2013 4:37 AM (in response to rutlucas)
Thanks Lucas for your quick response...
This way we will be embedding the authorization logic inside the Portal application. Is there any way we can externalize the authorization policies just the way we can do for the Web application using XACML/Authz? In portlets we don't have the URLs.
-
3. Re: Fine grained authorization within the content of portlet in a portlet application
rutlucas Oct 4, 2013 5:03 AM (in response to deepak.sambrani)
Mmm, I don't see an easy way to do it out-of-the-box. I'm not an expert in security, but the Portlet 2.0 spec is limited about it.
I think that you can handle your logic internally or, otherwise, build your own custom web filter on top of the portal application to handle XACML/Authz tokens and authorization logic.
Regards,
Lucas
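
The custom web filter suggested in the last reply, as an added example that is not code from the thread or from GateIn: a servlet filter acting as the enforcement point, which asks an external decision point (for instance a XACML engine) and denies by default. `PolicyDecisionPoint`, `ExternalAuthzFilter` and the `pdpClass` init-param are hypothetical names, and the example assumes the container has already authenticated the user by the time the filter runs.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical client for an external policy decision point (PDP). */
interface PolicyDecisionPoint {
    boolean permits(String subject, String resource, String action) throws Exception;
}

/** Enforcement point: asks the PDP before the request reaches the portal. */
public class ExternalAuthzFilter implements Filter {
    private PolicyDecisionPoint pdp;
    private ServletContext ctx;

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        ctx = cfg.getServletContext();
        String impl = cfg.getInitParameter("pdpClass"); // assumed init-param in web.xml
        try {
            pdp = (PolicyDecisionPoint) Class.forName(impl).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new ServletException("Cannot create PDP client: " + impl, e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String user = http.getRemoteUser();   // null when nobody is authenticated
        boolean allowed = false;              // deny unless the PDP explicitly permits
        try {
            allowed = user != null
                && pdp.permits(user, http.getRequestURI(), http.getMethod());
        } catch (Exception e) {
            // PDP unreachable or policy error: fail closed, keep details out of the response
            ctx.log("Authorization decision failed", e);
        }
        if (!allowed) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

A filter only sees the request URL and method, so decisions about content inside a portlet still have to be requested from portlet code, which can call the same PDP with its own resource identifier.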